SIP phone Registration error: 403 - Forbidden (Bad auth)

Registration error: 403 - Forbidden (Bad auth)

Registration error: 408 - Forbidden (Bad auth)

These errors are caused by the firewall, the sip server accepts the registration and return traffic

traffic is blocked at the firewall. Please do the following changes at the firewall.

For example, Netgear, under advanced, WAN setup, put a check mark on disable SIP ALG

Port forwarding 5060

You need to enable ports tcp/udp 5060 to all networks.

I Rule for F5 LTM

I- Rule is a power full  code which modify the http header and redirect the http request to any way you want.
One of the common use is to transfer a http request to https based connection for security or www.x.com to https://x.com. I am attaching the sample code for http transfers.

rule 1

rule redirect_HTTPS

when HTTP_REQUEST {

  if { [TCP::local_port] == 80 }{

    HTTP::redirect https://[getfield [HTTP::host] ":" 1][string tolower [HTTP::uri]]

  }

}

rule 2

when HTTP_REQUEST {

            if { [HTTP::host] contains "www.x.com"} {

            HTTP::redirect https://x.com[HTTP::uri] }

}

Update for PHONE POWER Bria SIP phone configuration

Please correct the previous post as
 domain:208.64.8.6
proxy:208.64.8.6:5060

disable:SIP ALG on the router

Bria SIP phone (Phone Power) configuration for IPAD2

Steps for configuring the BRIA -Counterpath sip phone IPAD2 version  1.0 are given below. This steps are for phone power customers only

Go to User account settings

select
user name: your phone number
password: provided by the voip provider
domain:208.64.8.6:5060
proxy:208.64.8.6

once you entered the credentials, reboot the voip phone adapter and later restart the IPAD2. After an hour try to register the phone. It will show the message as REGISTERED. Once the sip phone is registered, you are ready to go.

Install SSL Certificate in F5 Load Balancer

The installation procedure to upload a SSL certificate from Verisign into F5 load balancer is given below

STEP I: Export Certificate and Private Key from the first IIS 6.0 server

Create an MMC Snap-in for Managing Certificates:

1. Start > run > MMC

2. Go into the Console Tab > File > Add/Remove Snap-in

3. Click on Add > Click Certificates > Add

4. Choose Computer Account

5. Choose Local Computer

6. Close the Add Standalone Snap-in window.

7. Click OK at the Add/Remove Snap-in window.

Export the Certificate with Private Key attached:

8. Expand Certificates in the Console Tree

9. Look for a folder called Personal > Certificates

10. Select the Certificate that you wish to back up.

11. Right-click on the file and choose > ALL TASKS > Export

12. The Certificate Export Wizard will start up. Click Next

13. Choose Yes, export the private key

14. Select Include all certificates in the certification path and click Next

15. Set a password to protect the export of the Private key file with the Certificate. Click Next

16. Choose to save the file to a set location.

Type the file name in the 'File Name' box, and click Save

Click Next

The file is given a *.pfx file-name extension

Login into F5 and change the directory to var/tmp

start the ftp prompt

Bin

get .pfx file

exit ftp

convert the .pfx file into .pem file by

openssl pkcs12 -in sap.ltg.info.pfx -out sap.ltg.info.pem –nodes

export the .pem file into your workstation.

open the pem file using wordpad

copy the key to notepad and save all ALL files .key

copy cert to not a notepad and save ALL file .crt

Load the key into F5 and then CRT file. Once the certificate is loaded, the certificate details will be displayed under SSL certificates tab.